What is the GDPR?
Organizations established in the EU and processing personal data of EU-based individuals have, in almost all cases, been required to comply with the GDPR since May 25, 2018.
The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals.
We have been fully committed to complying with the requirements of the GDPR. We have taken these requirements to heart and continue to make changes to our products, contracts, and policies in line with our commitment to GDPR compliance.
Have we nominated a Data Protection Officer?
Yes. The DPO can be contacted by sending an email to firstname.lastname@example.org and requesting to be put in touch with the DPO.
Do we ensure that our third-party providers are or will be compliant in time?
We have been reviewing all of our third party providers’ policies regarding GDPR, notably including:
Although we do not have control over any updates and changes they may make in how they enforce these policies, we continue to review these partners regularly and aim to work within the boundaries of GDPR with respect to third party providers.
What is a Personal Data Breach?
A Personal Data Breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
Do we have a notification procedure in case of a Personal Data Breach?
We have specific data breach notification procedures in place, respecting the deadlines of the GDPR in communicating any breach.
What are the Rights employees can exercise?
The Rights employees can exercise are:
Right of Access: Employees may request to access their Personal Information and obtain a copy of the Personal Information which is being processed by fikaTime. In the event that employees request to know what Personal Information is being processed by us, we will provide employees with the following information: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; employees’ privacy rights; and information on data transfers.
Right of Rectification: Employees may request to change, update or complete any missing data we process about them provided they have the ability to change this in their organisation as well.
Right of Erasure: Employees may at any time withdraw their consent to our processing of their Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of their Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase the data.
Right of Restriction of Processing: Employees may request us to restrict processing of their Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by the employee; (ii) the processing is unlawful; or (iii) we no longer need the Personal Information.
Right to Data Portability: Employees have the right to receive their Personal Information in a structured, commonly used and machine-readable format.
All of these may be subject to time limitations based on the ability of staff to provide the information in the appropriate format.
How can employees exercise their Rights?
Employees can exercise their Rights by sending an email to email@example.com to start the process.
What type of Personal Data do we collect?
Following the Privacy by Design principle, we only collect the data that we need, which in our case is at minimum the First Name, the Last Name & the Professional Email.
Then, upon customer request, we may collect other personal data such as the employee’s department, or any other relevant data to deliver the service.
How do we collect the Personal Data?
It depends on each customer, but the main way to collect Personal Data is through the organization's information on record.
We are also integrated with Microsoft Teams and may integrate with HRIS.
Where do we store the Personal Data we collect?
The data is stored on AWS (Amazon Web Services) infrastructure in Ireland. The data is never replicated or copied out of the region.
How long do we store the Personal Data?
Once data is no longer required for the services, we keep the data for 18 months. After that, our system automatically deletes the Personal Data.